Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list.
| Version | Base score | Base severity | Vector |
|---|
| Hyperlink | Resource Type |
|---|
Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://www.securityfocus.com/bid/29038 | vdb-entry x_refsource_BID |
| https://bugzilla.mozilla.org/show_bug.cgi?id=425665 | x_refsource_CONFIRM |
| http://secunia.com/advisories/30167 | third-party-advisory x_refsource_SECUNIA |
| https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00036.html | vendor-advisory x_refsource_FEDORA |
| http://www.securitytracker.com/id?1019967 | vdb-entry x_refsource_SECTRACK |
| https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00098.html | vendor-advisory x_refsource_FEDORA |
| http://secunia.com/advisories/30064 | third-party-advisory x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42216 | vdb-entry x_refsource_XF |
| http://www.bugzilla.org/security/2.20.5/ | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/1428/references | vdb-entry x_refsource_VUPEN |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://www.securityfocus.com/bid/29038 | vdb-entry x_refsource_BID x_transferred |
| https://bugzilla.mozilla.org/show_bug.cgi?id=425665 | x_refsource_CONFIRM x_transferred |
| http://secunia.com/advisories/30167 | third-party-advisory x_refsource_SECUNIA x_transferred |
| https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00036.html | vendor-advisory x_refsource_FEDORA x_transferred |
| http://www.securitytracker.com/id?1019967 | vdb-entry x_refsource_SECTRACK x_transferred |
| https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00098.html | vendor-advisory x_refsource_FEDORA x_transferred |
| http://secunia.com/advisories/30064 | third-party-advisory x_refsource_SECUNIA x_transferred |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42216 | vdb-entry x_refsource_XF x_transferred |
| http://www.bugzilla.org/security/2.20.5/ | x_refsource_CONFIRM x_transferred |
| http://www.vupen.com/english/advisories/2008/1428/references | vdb-entry x_refsource_VUPEN x_transferred |
Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Hyperlink | Source | Resource |
|---|---|---|
| http://secunia.com/advisories/30064 | cve@mitre.org | Vendor Advisory |
| http://secunia.com/advisories/30167 | cve@mitre.org | N/A |
| http://www.bugzilla.org/security/2.20.5/ | cve@mitre.org | N/A |
| http://www.securityfocus.com/bid/29038 | cve@mitre.org | Exploit |
| http://www.securitytracker.com/id?1019967 | cve@mitre.org | N/A |
| http://www.vupen.com/english/advisories/2008/1428/references | cve@mitre.org | N/A |
| https://bugzilla.mozilla.org/show_bug.cgi?id=425665 | cve@mitre.org | N/A |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42216 | cve@mitre.org | N/A |
| https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00036.html | cve@mitre.org | N/A |
| https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00098.html | cve@mitre.org | N/A |